Would love to get some eyes on a new Ownable esque implementation I wrote today for AssemblyPress. it is a tweak of normal OwnableUpgradeable, but is called DualOwnableUpgradeable and gives (in rough version rn) two trusted addresses the ability upgrade the factory proxy at once. The reason this is helpful is so that the DAO ¶ can be given revoke rights (aka super admin aka ownership) on the protocol from day 1, while still giving a trusted team (atm me and @salief are the only ppl rlly working on the protocol – more help would be amazing) the ability to move faster than the dao upgrade process as we continue locking in v1 of the protocol/product integrations going on.
there are some lingering questions I have about the implementation you can see in this figma here (will include the screenshot below), and clearly have many more tests to write to ensure thigns are working as properly. here are the initial tests I wrote, and here is the PR I just put up (shouldnt be merged yet)
non-technical take on the questions, and my bad if i’m answering the wrong questions here:
there’s a couple layers here to unpack here.
right now, the trusted operator team is made up of two members of the DAO i.e salief and tranqui. we can imagine a future though in which a new set of folks begin to work on the protocol in tandem perhaps even faster (i.e via a grants program etc). then it makes sense to give up the 2nd admin role to the new trusted operator team since they (salief and tranqui) have the ability to contribute via the DAO role.
if thats the case, then the DAO should be able to change the address of the 2nd admin and reinstate a 2nd admin address to give new teams a chance to contribute and give the protocol the flexibility to change over time.
another question comes up though, should the Owner i.e DAO be able to change the address of the primary Owner, and propose a new Owner? although rare, super admin access should grant the DAO the ability to promote a new Owner in its place.
yea u are totally getting why it seems nice for the primary owner (ex: DAO) to be able to adjust the address of the secondary owner, not just be able to revoke it. in practice, I imagine what will happen is that me + salief will use a gnosis multisig as the address of the trusted second operator, and well be able to add/remove ppl to that gnosis over time. but yes, the DAO would be able to propose a full address change of the second owner at anytime.
important to remember that ppl can also propose upgrades to the protocol at any time, theyll just need to go thru the proposal route as defined by nouns protocol governance
I would say the Owner i.e DAO should def be able to change the address of the primary owner, in scenarios where we may find ourselves migrating to new governance contracts (or any other reason deemed necessary)
the one thing I would point out about all of this is that because the primary owner in PAs case will be a wallet that can only trigger upgrades via proposal process, the secondary owner (if malicious) could trigger an upgrade much faster than the DAO – for example in the case that the DAO is proposing to remove the ownership rights of the trusted team. in this way, it feels kind of like this entire structure is a formality, but maybe thats just me being cynical about the approach